---
# OpenVpn basic configuration

- name: Install needed package
  package:
    state: present
    name:
    - openvpn
  tags:
  - openvpn
  - packages

- name: Install ca for client
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/client/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (RHEL7+)

- name: Install ca for server
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/server/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (Fedora)

- name: Install certificate and key (rhel7 or fedora) for server
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/server/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (Fedora)
  #- restart openvpn (RHEL7)
  #- restart openvpn (RHEL6)
  when: inventory_hostname.startswith('bastion0')

- name: install fix-routes.sh script
  copy: src=fix-routes.sh
        dest=/etc/openvpn/fix-routes.sh
        owner=root group=root mode=0755
  tags:
  - openvpn
